我正在尝试在 Ubuntu 18.04 中使用智能卡读卡器 Gemalto IDBridge K30,但没有成功。
我确实有libccid,opensc-pkcs11并且pcsc-tools安装了。
pcsc_scan确实检测到了:
PC/SC device scanner
V 1.5.2 (c) 2001-2017, Ludovic Rousseau <[email protected]>
Using reader plug'n play mechanism
Scanning present readers...
0: Gemalto USB Shell Token V2 (25D70BCC) 00 00
Sun Apr 12 16:01:08 2020
Reader 0: Gemalto USB Shell Token V2 (25D70BCC) 00 00
Card state: Card inserted,
ATR: 3B 7F 96 00 00 80 31 80 65 B0 85 03 00 EF 12 0F FE 82 90 00
ATR: 3B 7F 96 00 00 80 31 80 65 B0 85 03 00 EF 12 0F FE 82 90 00
+ TS = 3B --> Direct Convention
+ T0 = 7F, Y(1): 0111, K: 15 (historical bytes)
TA(1) = 96 --> Fi=512, Di=32, 16 cycles/ETU
250000 bits/s at 4 MHz, fMax for Fi = 5 MHz => 312500 bits/s
TB(1) = 00 --> VPP is not electrically connected
TC(1) = 00 --> Extra guard time: 0
+ Historical bytes: 80 31 80 65 B0 85 03 00 EF 12 0F FE 82 90 00
Category indicator byte: 80 (compact TLV data object)
Tag: 3, len: 1 (card service data byte)
Card service data byte: 80
- Application selection: by full DF name
- EF.DIR and EF.ATR access services: by GET RECORD(s) command
- Card with MF
Tag: 6, len: 5 (pre-issuing data)
Data: B0 85 03 00 EF
Tag: 1, len: 2 (country code, ISO 3166-1)
Country code: 0F FE
Tag: 8, len: 2 (status indicator)
SW: 9000
Possibly identified card (using /usr/share/pcsc/smartcard_list.txt):
3B 7F 96 00 00 80 31 80 65 B0 85 03 00 EF 12 0F FE 82 90 00
3B 7F .. 00 00 80 31 80 65 B0 .. .. .. .. 12 0F FE 82 90 00
IDPrime MD 8840, 3840, 3810, 840 and 830 Cards T=0
3B 7F 96 00 00 80 31 80 65 B0 85 03 00 EF 12 0F FE 82 90 00
Gemalto IDPrime MD 840 (PKI)
http://www.gemalto.com/Products/IDPrime_MD/index.html
但pkcs11-tool事实并非如此:
$ pkcs11-tool --verbose --test --module /usr/lib/x86_64-linux-gnu/opensc-pkcs11.so
No slot with a token was found.
以下是opensc-tool要说的内容:
$ opensc-tool -n
Using reader with a card: Gemalto USB Shell Token V2 (25D70BCC) 00 00
Unsupported card
如果有人能提供关于如何使其发挥作用的想法,我将不胜感激。
答案1
我不是专家。但我已经使用以下方法配置了 Gemalto 加密卡(使用 distrib debian jessie 完成)您需要添加另外 2 个软件包电脑等opensc。
apt-get install pcscd opensc
验证安装
pcsc_scan
opensc-tool -a -n
# erase si la clef a déjà été utilisée
pkcs15-init -E -T <\code>
#create a new card
pkcs15-init --create-pkcs15 --profile pkcs15+onepin --label "Pénom Nom"
# demande de pin
# demande de PUK (récupératione en cas de blocage
创建 RSA 私钥/公钥
pkcs15-init --auth-id 1 --generate-key rsa/2048 --key-usage sign,decrypt --label "Prenom Nom SSH Key"
# Be patient more than 30secondes}
查看关键结构:
pkcs15-tool dump
# just public keys
pkcs15-tool --list-public-keys
使用密钥的 ID 从卡中提取 RSA 公钥
# remplace with the good ID done by pkcs15-tool --dump
pkcs15-tool --read-ssh-key b70000568953221